Re: [exim] Exim 4.66 Causing Kernel Panics?

Top Page
Delete this message
Reply to this message
Author: Don O'Neil
Date:  
To: 'W B Hacker', 'exim users'
Subject: Re: [exim] Exim 4.66 Causing Kernel Panics?
This was in the exim paniclog:

queue run: process 824 crashed with signal 15 while delivering
1HREbZ-0001JL-MH

Most likely from my last reboot when rolling back, so probably nothing big.

I'm running kern_securelevel of 3, so that's not an issue. I have run
portaudit and chkrootkit and nothing bad there either. Never tried rkhunter
before, so I installed that and ran it, again ok...

Any other items I shoud be looking into besides updating to 6.2 (which I
will be doing)?

-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org] On
Behalf Of W B Hacker
Sent: Tuesday, March 13, 2007 4:13 PM
To: exim users
Subject: Re: [exim] Exim 4.66 Causing Kernel Panics?

Don O'Neil wrote:
> Anyone aware of a reason why a fresh build/install of exim 4.66 would
> cause kernel panics and reboots on my FreeBSD 6.1 machine?
>
> My machine, just out of the blue this morning, started rebooting every
> 3 minutes.... I narrowed it down to exim I think... As long as I never
> started up exim 4.66 the machine didn't have the problem... But as
> soon as I started it up, whammo... Panic and reboot.
>
> I've since rolled back to 4.63 and the problem seems to be resolved at
> least for the moment.


I've never had a *BSD machine do anything like that. Even with broken
builds.

Don't have that exact combo, but:

4.53 thru 4.66 on 4.11-STABLE VIA C3, Intel Celeron and P4, AMD Duron,
Athlon

4.63 on 6.2 AMD-64 (Intel dual core CPU) [1]

4.65 on 6.2 AMD-64 (Intel dual core CPU)

>
> The strangest thing is that I upgraded to 4.66 several days ago and
> the problem didn't show up until this morning. I'm not 100% sure the
> problem is exim but that's the only thing I could narrow it down to.
> Perhaps there is a new exim bug/exploit that I just didn't get hit
> with until today? I deleted the message queue just in case it was corrupt.
>


We've been on 6.2 since PRE last year, and it went production 2 months ago,
so I would first suggest getting the OS up to date. dot one builds are
usually suspect on any OS...

;-)


> ANY ideas from anyone as to what could be causing this (hardware
> perhaps?) would be appreciated.
>
>


What do you find just before the reboot in /var/log/console.log, ~/messages,
~/maillog, ~/auth, security, etc etc.....

...and the Exim log set, particularly ~/paniclog?

Are you using portaudit? chkrootkit? rkhunter? Running at kern_securelevel
of 2 or better?

HTH,

Bill

[1] Hammered (in vain) by bots on the night of the 12th to the tune of 3.5
million lines of not-overly-verbose logging for 24 hrs, over 800,000 in the
peak hour alone. DID outrun PgSQL connections and defer some legit traffic -
but ony for a few minutes out of that peak. Still sorting hown many
conections and message attempts that represented, but box stayed calm
throughout.

Ramped-up rejection settings to draconian on PTR fail et al, so problem
solved.

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/